Upbit says emergency audit of $30M hack uncovered internal wallet flaw that could let attackers derive private keys
Upbit found and patched a critical internal wallet vulnerability during an audit following a $30 million hack, though a direct link remains unconfirmed.Summary
South Korean exchange Upbit announced that an emergency audit following a $30 million theft uncovered a serious security vulnerability in its internal wallet system. CEO Oh Kyung-seok stated the flaw could have allowed an attacker analyzing public blockchain transactions to infer private keys due to a predictable signature generation bug in Upbit's software. While the exchange did not directly link this flaw to the Nov. 27 hack, which involved irregular withdrawals from Solana-related wallets, the issue was discovered during the subsequent systemwide review. The hack resulted in losses of approximately 44.5 billion KRW ($30 million), with $1.5 million already frozen. Upbit has suspended all deposits and withdrawals while conducting a broader security review and has committed to covering all customer losses from its reserves. Authorities are investigating the incident, with early intelligence suggesting potential involvement by North Korea's Lazarus Group.
(Source:The Block)